bcoddens/Shared-ecr

## Shared-ecr
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
    ProjectName:
        Type: String
        Description: "The project name"
        Default: "ecr"
    ECRSharedName:
        Type: String
        Description: "Specify the shared ECR Name"
        Default: "krf-docker-shared"
    DevAccount:
        Type: String
        Description: "The Developper AWS account"
        Default: "208629519785"
    StagingAccount:
        Type: String
        Description: "The Staging AWS account"
        Default: "345921096939"
    ProdAccount:
        Type: String
        Description: "The Production AWS account"
        Default: "411639027760"
    CloudarAccount:
        Type: String
        Description: "The Cloudar AWS account"
        Default: "372100518424"
    SSMprefix:
        Type: String
        Description: "The default SSM prefix"
        Default: "/docker"
Resources:
    ECRSharedRepo:
      Type: AWS::ECR::Repository
      Properties:
        RepositoryName: !Join [ '-', [!Ref ProjectName, !Ref ECRSharedName] ]
        RepositoryPolicyText:
          Version: "2012-10-17"
          Statement:
            -
              Sid: AllowPushPull
              Effect: Allow
              Principal:
                AWS:
                  - !Sub "arn:aws:iam::${DevAccount}:root"
                  - !Sub "arn:aws:iam::${StagingAccount}:root"
                  - !Sub "arn:aws:iam::${ProdAccount}:root"
                  - !Sub "arn:aws:iam::${DevAccount}:user/jenkins"
                  - !Sub "arn:aws:iam::${ProdAccount}:user/jenkins"
                  - !Sub "arn:aws:iam::${StagingAccount}:user/jenkins"

              Action:
                - "ecr:GetDownloadUrlForLayer"
                - "ecr:BatchGetImage"
                - "ecr:BatchCheckLayerAvailability"
                - "ecr:PutImage"
                - "ecr:InitiateLayerUpload"
                - "ecr:UploadLayerPart"
                - "ecr:CompleteLayerUpload"

        Tags:
          - Key: support
            Value: standard
          - Key: monitor_site24x7
            Value: 'true'
          - Key: environment
            Value: !Ref Tier
          - Key: "Name"
            Value: !Join ['-', [!Ref ProjectName, !Ref ECRSharedName]]

    SharedECRSSMParam:
      Type: AWS::SSM::Parameter
      Properties:
        Description: Name of the shared ECR
        Name: !Join
          - '/'
          - - !Ref SSMprefix
            - 'ecr'
            - 'shared'
        Type: String
        Value: !GetAtt ECRSharedRepo.Arn

Outputs:
  ECRSharedNameArn:
    Description: "ARN Shared Repository"
    Value: !GetAtt ECRSharedRepo.Arn
	AWSTemplateFormatVersion: '2010-09-09'
	Parameters:
	ProjectName:
	Type: String
	Description: "The project name"
	Default: "ecr"
	ECRSharedName:
	Type: String
	Description: "Specify the shared ECR Name"
	Default: "krf-docker-shared"
	DevAccount:
	Type: String
	Description: "The Developper AWS account"
	Default: "208629519785"
	StagingAccount:
	Type: String
	Description: "The Staging AWS account"
	Default: "345921096939"
	ProdAccount:
	Type: String
	Description: "The Production AWS account"
	Default: "411639027760"
	CloudarAccount:
	Type: String
	Description: "The Cloudar AWS account"
	Default: "372100518424"
	SSMprefix:
	Type: String
	Description: "The default SSM prefix"
	Default: "/docker"
	Resources:
	ECRSharedRepo:
	Type: AWS::ECR::Repository
	Properties:
	RepositoryName: !Join [ '-', [!Ref ProjectName, !Ref ECRSharedName] ]
	RepositoryPolicyText:
	Version: "2012-10-17"
	Statement:
	-
	Sid: AllowPushPull
	Effect: Allow
	Principal:
	AWS:
	- !Sub "arn:aws:iam::${DevAccount}:root"
	- !Sub "arn:aws:iam::${StagingAccount}:root"
	- !Sub "arn:aws:iam::${ProdAccount}:root"
	- !Sub "arn:aws:iam::${DevAccount}:user/jenkins"
	- !Sub "arn:aws:iam::${ProdAccount}:user/jenkins"
	- !Sub "arn:aws:iam::${StagingAccount}:user/jenkins"

	Action:
	- "ecr:GetDownloadUrlForLayer"
	- "ecr:BatchGetImage"
	- "ecr:BatchCheckLayerAvailability"
	- "ecr:PutImage"
	- "ecr:InitiateLayerUpload"
	- "ecr:UploadLayerPart"
	- "ecr:CompleteLayerUpload"

	Tags:
	- Key: support
	Value: standard
	- Key: monitor_site24x7
	Value: 'true'
	- Key: environment
	Value: !Ref Tier
	- Key: "Name"
	Value: !Join ['-', [!Ref ProjectName, !Ref ECRSharedName]]

	SharedECRSSMParam:
	Type: AWS::SSM::Parameter
	Properties:
	Description: Name of the shared ECR
	Name: !Join
	- '/'
	- - !Ref SSMprefix
	- 'ecr'
	- 'shared'
	Type: String
	Value: !GetAtt ECRSharedRepo.Arn

	Outputs:
	ECRSharedNameArn:
	Description: "ARN Shared Repository"
	Value: !GetAtt ECRSharedRepo.Arn